Authentifier Apache vers IMAP
Pour avoir une base d’utilisateurs unique, je suis parti de ma source d’utilisateurs existante : dans mon cas, c’est postfixadmin, qui gère les comptes mail.
Du coup, je me suis amusé à écrire un petit bout de Perl qui permet à Apache de s’authentifier auprès d’un serveur IMAP.
# Perl modules used by the authenticator (Net::IMAP::Simple::SSL and
# Unix::Syslog), plus the Apache module that provides "AuthBasicProvider external".
apt-get install \
    libnet-imap-simple-ssl-perl \
    libunix-syslog-perl \
    libapache2-mod-authnz-external
cat /etc/apache2/conf-enabled/xymon.conf
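# Register the external authenticator. With the "pipe" method the user name
# and the password are handed to the script on its stdin, one per line.
# The script runs on every login attempt: keep it writable by root only.
DefineExternalAuth dovecotpw pipe /etc/apache2/auth/dovecotpw.pl

ScriptAlias /xymon-cgi "/usr/lib/xymon/cgi-bin"
<Directory "/usr/lib/xymon/cgi-bin">
    AllowOverride None
    Options ExecCGI Includes
    # Basic authentication sends the mailbox password with every request,
    # only base64-encoded: expose this location over HTTPS only.
    AuthType Basic
    AuthName "Xymon Administration"
    Require valid-user
    AuthBasicProvider external
    AuthExternal dovecotpw
</Directory>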
cat /etc/apache2/auth/dovecotpw.pl
#!/usr/bin/perl
use strict;
use warnings;
use Unix::Syslog qw(:macros :subs);
use Net::IMAP::Simple::SSL;
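my $VERSION = '1.0';

# IMAP endpoint used as the single source of credentials.
my $server  = 'imap.distran.org';
my $port    = 993;    # IMAPS: TLS is negotiated before any IMAP traffic
my $use_ssl = 1;

syslog(LOG_INFO, 'imap-auth: waiting for packet');

# The "pipe" method of mod_authnz_external writes the user name and the
# password on stdin, one per line.
my $user     = <STDIN>;
my $password = <STDIN>;

# Fail closed when the pipe was closed before both lines arrived.
if (!defined $user || !defined $password) {
    syslog(LOG_ERR, 'imap-auth: -> -ERR truncated request on stdin');
    closelog;
    exit 1;
}
chomp($user, $password);

# Copy of the user name that is safe to log: anything outside printable ASCII
# is replaced so a crafted name cannot forge or corrupt log lines.
(my $log_user = $user) =~ s/[^\x20-\x7e]/?/g;

# Empty credentials and control characters in the user name are refused
# before anything is sent to the IMAP server.
if ($user eq '' || $password eq '' || $user =~ /[\x00-\x1f\x7f]/) {
    syslog(LOG_WARNING, 'imap-auth: -> -ERR malformed credentials for "%s"',
        $log_user);
    closelog;
    exit 1;
}

# The user name is passed as an argument, never interpolated into the format
# string: syslog() expands printf-style directives in its second argument.
# The password is never logged.
syslog(LOG_INFO, q{imap-auth: request ('auth', "%s", '****')}, $log_user);

# Exit status 0 tells Apache the credentials are valid; anything else denies.
my $result = 1;
if (is_valid($user, $password)) {
    $result = 0;
    syslog(LOG_INFO, 'imap-auth: -> +OK');
}

closelog;
exit $result;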
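# Check one user name / password pair against the IMAP server.
#
# Arguments: ($user, $password) as received from Apache.
# Returns 1 when the IMAP LOGIN succeeds and 0 otherwise, including when the
# server cannot be reached or the channel cannot be encrypted, so that every
# failure path denies access.
sub is_valid
{
    my ($user, $password) = @_;

    # With use_ssl the socket is wrapped in TLS before any IMAP command is
    # sent.
    # NOTE(review): certificate verification is left to the defaults of the
    # underlying TLS module; confirm that the peer certificate is verified on
    # this host, otherwise the password is exposed to an on-path interceptor.
    my $imap = Net::IMAP::Simple->new(
        $server,
        port    => $port,
        use_ssl => $use_ssl,
    );
    if (!$imap) {
        my $why = $Net::IMAP::Simple::errstr;
        $why = 'unknown error' unless defined $why;
        syslog(LOG_ERR, 'imap-auth: -> -ERR unable to connect to IMAP: %s', $why);
        return 0;
    }

    # STARTTLS only applies to a connection that started in plaintext; on an
    # implicit-TLS port the session is already encrypted.  If the upgrade
    # fails, stop here rather than send the password in clear.
    # NOTE(review): assumes starttls returns a true value on success - confirm.
    if (!$use_ssl && !$imap->starttls) {
        my $why = $imap->errstr;
        $why = 'unknown error' unless defined $why;
        syslog(LOG_ERR, 'imap-auth: -> -ERR STARTTLS failed: %s', $why);
        $imap->quit;
        return 0;
    }

    my $is_valid = 0;
    if ($imap->login($user, $password)) {
        $is_valid = 1;
        syslog(LOG_INFO, q{imap-auth: -> +OK imap server says you're cool. Welcome.});
    }
    else {
        # The server's reply is remote data: log it as an argument, with
        # non-printable bytes replaced, never as part of the format string.
        my $reason = $imap->errstr;
        $reason = 'no reason given' unless defined $reason;
        $reason =~ s/[^\x20-\x7e]/?/g;
        syslog(LOG_INFO,
            'imap-auth: -> -ERR imap server has a problem with you: %s',
            $reason);
    }

    $imap->quit;
    return $is_valid;
}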
tail /var/log/syslog
Nov 24 13:01:05 xymon-server01 perl: imap-auth: waiting for packet
Nov 24 13:01:05 xymon-server01 perl: imap-auth: request ('auth', "user@domain.com", '****')
Nov 24 13:01:05 xymon-server01 perl: imap-auth: -> +OK imap server says you're cool. Welcome.
Nov 24 13:01:05 xymon-server01 perl: imap-auth: -> +OK
cat /etc/apache2/auth/dovecotpw.sh
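#!/bin/bash
# External authenticator for mod_authnz_external ("pipe" method): reads the
# user name and the password from stdin, one per line, and lets doveadm check
# them.  The exit status of doveadm is returned to Apache (0 = accepted).

# -r keeps backslashes literal and IFS= keeps surrounding blanks, so both
# values are passed on exactly as they were typed.
IFS= read -r DCUSER
IFS= read -r DCPASS

# Fail closed on missing credentials and on a user name that doveadm could
# take for a command-line option.
case "$DCUSER" in
    ''|-*) exit 1 ;;
esac
[ -n "$DCPASS" ] || exit 1

# Quoted so that blanks or glob characters cannot split or expand the
# arguments.
# NOTE(review): the password is visible in the process list while doveadm
# runs, and a password starting with "-" may still be parsed as an option;
# check whether this doveadm version accepts "--" before the user name.
/usr/bin/doveadm auth "$DCUSER" "$DCPASS"
exit $?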